Dear All,
How may I imbed the 2FA of Google authenticator while logging into the RTIR website?
My base OS is Ubuntu 22.04 having Nginx and Mariadb configured.
Thanks.
The method described in the docs off loads authentication to the web server, but someone has made a plugin to add 2FA to the normal login. ivarch/rt-extension-totpmfa: Request Tracker extension implementing multi-factor authentication (MFA) with time-dependent one-time passwords (TOTP). - Codeberg.org
I have implemented the TOTP but the issue is, user has to enable TOTP after his/her login which is wrong a wrong step. It must be auto enabled and when any user want to login or after login QR code should be in front of. But the same thing is not happening as should be.
That is surely inevitable? The user must set up the TOTP seed on their device before it can be used. Which requires them to be logged in. I don’t see any safe way around that but perhaps I am missing something about your use case.
It would be good if the code only allows one non-TOTP login and insists on it being set if it is not, but I’m afraid I don’t know if the module handles that.
Yes, i have logged in first without TOTP then i enabled the QR code and scanned, after that logged out and after 2nd time login then the 2FA field is showing.
Although it should be shown on the first page to scan QR code and then login.
One more thing is that when entering the 2FA, all the menus are showing on time of entering 2FA code.